CVE-2002-0002

critical

Description

Format string vulnerability in stunnel before 3.22 when used in client mode for (1) smtp, (2) pop, or (3) nntp allows remote malicious servers to execute arbitrary code.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/7741

http://www.securityfocus.com/bid/3748

http://www.redhat.com/support/errata/RHSA-2002-002.html

http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-004.php3

http://stunnel.mirt.net/news.html

http://online.securityfocus.com/archive/1/248149

http://online.securityfocus.com/archive/1/247427

http://marc.info/?l=stunnel-users&m=100869449828705&w=2

Details

Source: Mitre, NVD

Published: 2002-01-31

Updated: 2025-04-03

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.14916

Detections

Analytics